Merge branch 'main' into sainoe/pss-upgrade

.changelog/unreleased/bug-fixes/1921-write-stderr.md

@@ -0,0 +1,2 @@
+- Write unbonding period advisory to stderr instead of stdout
+  ([\#1921](https://github.com/cosmos/interchain-security/pull/1921))

.changelog/unreleased/dependencies/1907-bump-ibc.md

@@ -0,0 +1,3 @@
+- Bump [ibc-go](https://github.com/cosmos/ibc-go) to
+  [v7.5.0](https://github.com/cosmos/ibc-go/releases/tag/v7.5.0).
+  ([\#1907](https://github.com/cosmos/interchain-security/pull/1907))

.changelog/v4.2.0/api-breaking/provider/1732-assigning-already-assigned-key-fix.md

@@ -0,0 +1,2 @@
+- Assigning a key that is already assigned by the same validator will now be a no-op instead of throwing an error.
+  ([\#1732](https://github.com/cosmos/interchain-security/pull/1732))

.changelog/v4.2.0/api-breaking/provider/1863-add-minimum-power-in-topN-to-consumer-chain-list.md

@@ -0,0 +1,2 @@
+- Changes the `list-consumer-chains` query to include a `min_power_in_top_N` field, as well as fields for all power shaping parameters of the consumer.
+  ([\#1863](https://github.com/cosmos/interchain-security/pull/1863))

.changelog/v4.2.0/dependencies/1876-bump-comet.md

@@ -0,0 +1,3 @@
+- Bump [CometBFT](https://github.com/cometbft/cometbft) to
+  [v0.37.6](https://github.com/cometbft/cometbft/releases/tag/v0.37.6).
+  ([\#1876](https://github.com/cosmos/interchain-security/pull/1876))

.changelog/v4.2.0/dependencies/1876-bump-sdk.md

@@ -0,0 +1,3 @@
+- Bump [cosmos-sdk](https://github.com/cosmos/cosmos-sdk) to
+  [v0.47.11](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.11).
+  ([\#1876](https://github.com/cosmos/interchain-security/pull/1876))

.changelog/v4.2.0/features/provider/1587-enable-opt-in-chains-through-gov-proposals.md

@@ -0,0 +1,2 @@
+- Enable Opt In and Top N chains through gov proposals.
+  ([\#1587](https://github.com/cosmos/interchain-security/pull/1587))

.changelog/v4.2.0/features/provider/1809-pss.md

@@ -0,0 +1,3 @@
+- Adding the Partial Set Security (PSS) feature cf. [ADR 015](https://cosmos.github.io/interchain-security/adrs/adr-015-partial-set-security).
+  PSS enables consumer chains to join ICS as _Top N_ or _Opt In_ chains and enables validators to opt to validate the consumer chains they want.
+  ([\#1809](https://github.com/cosmos/interchain-security/pull/1809))

.changelog/v4.2.0/features/provider/1830-introduce-power-shaping.md

@@ -0,0 +1,2 @@
+- Introduce power-shaping features for consumer chains. The features: (i) allow us to cap the total number of validators that can validate the consumer chain, (ii) set a cap on the maximum voting power (percentage-wise) a validator can have on a consumer chain, and (iii) introduce allowlist and denylists to restrict which validators are allowed or not to validate a consumer chain.
+  ([\#1830](https://github.com/cosmos/interchain-security/pull/1830))

.changelog/v4.2.0/features/provider/1863-add-minimum-power-in-topN-to-consumer-chain-list.md

@@ -0,0 +1,2 @@
+- Changes the `list-consumer-chains` query to include a `min_power_in_top_N` field, as well as fields for all power shaping parameters of the consumer.
+  ([\#1863](https://github.com/cosmos/interchain-security/pull/1863))

.changelog/v4.2.0/features/provider/1867-add-query-for-latest-consumer-validator-set.md

@@ -0,0 +1,2 @@
+- Introduces the `consumer-validators` query to retrieve the latest set consumer-validator set for a consumer chain.
+  ([\#1863](https://github.com/cosmos/interchain-security/pull/1867))

.changelog/v4.2.0/state-breaking/provider/1587-enable-opt-in-chains-through-gov-proposals.md

@@ -0,0 +1,2 @@
+- Enable Opt In and Top N chains through gov proposals.
+  ([\#1587](https://github.com/cosmos/interchain-security/pull/1587))

.changelog/v4.2.0/state-breaking/provider/1732-assigning-already-assigned-key-fix.md

@@ -0,0 +1,2 @@
+- Assigning a key that is already assigned by the same validator will now be a no-op instead of throwing an error.
+  ([\#1732](https://github.com/cosmos/interchain-security/pull/1732))

.changelog/v4.2.0/state-breaking/provider/1809-pss.md

@@ -0,0 +1,2 @@
+- Adding the Partial Set Security feature cf. [ADR 015](https://cosmos.github.io/interchain-security/adrs/adr-015-partial-set-security).
+  ([\#1809](https://github.com/cosmos/interchain-security/pull/1809))

.changelog/v4.2.0/state-breaking/provider/1830-introduce-power-shaping.md

@@ -0,0 +1,2 @@
+- Introduce power-shaping features for consumer chains. The features: (i) allow us to cap the total number of validators that can validate the consumer chain, (ii) set a cap on the maximum voting power (percentage-wise) a validator can have on a consumer chain, and (iii) introduce allowlist and denylists to restrict which validators are allowed or not to validate a consumer chain.
+  ([\#1830](https://github.com/cosmos/interchain-security/pull/1830))

.changelog/v4.2.0/summary.md

@@ -0,0 +1 @@
+May 17, 2024

.coderabbit.yml

@@ -0,0 +1,41 @@
+language: "en"
+early_access: false
+reviews:
+    request_changes_workflow: false
+    high_level_summary: true
+    poem: false
+    review_status: false
+    collapse_walkthrough: true
+    path_filters:
+        - "!api/"
+        - "!docs/"
+    path_instructions:
+        - path: "**/*.go"
+          instructions: "Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations."
+        - path: "tests/e2e/*"
+          instructions: |
+              "Assess the e2e test code assessing sufficient code coverage for the changes associated in the pull request"
+        - path: "tests/integration/*"
+          instructions: |
+              "Assess the e2e test code assessing sufficient code coverage for the changes associated in the pull request"
+        - path: "**/*_test.go"
+          instructions: |
+              "Assess the unit test code assessing sufficient code coverage for the changes associated in the pull request"
+        - path: "**/*.md"
+          instructions: |
+              "Assess the documentation for misspellings, grammatical errors, missing documentation and correctness. Please DO NOT report any missing or superfluous newlines, in particular at the end or beginning of files."
+        - path: ".changelog/*"
+          instructions: |
+              "Assess the changes in the changelog for correctness and completeness, particularly flagging missing changes"
+    auto_review:
+        enabled: true
+        ignore_title_keywords:
+            - "WIP"
+            - "DO NOT MERGE"
+        drafts: false
+        base_branches:
+            - "main"
+            - "feat/*"
+            - "release/*"
+chat:
+    auto_reply: true

.github/.codespellignore

@@ -1,3 +1,5 @@
 clienta
 connectiona
 sover
+optin
+opt-in

.github/dependabot.yml

@@ -22,7 +22,7 @@ updates:
     directory: "/"
     schedule:
       interval: daily
-    target-branch: "release/v2.0.x"
+    target-branch: "release/v4.1.x"
     # Only allow automated security-related dependency updates on release branches.
     open-pull-requests-limit: 0
     labels:
@@ -32,27 +32,7 @@ updates:
     directory: "/"
     schedule:
       interval: daily
-    target-branch: "release/v2.4.x-lsm"
-    # Only allow automated security-related dependency updates on release branches.
-    open-pull-requests-limit: 0
-    labels:
-      - dependencies
-
-  - package-ecosystem: gomod
-    directory: "/"
-    schedule:
-      interval: daily
-    target-branch: "release/v3.1.x"
-    # Only allow automated security-related dependency updates on release branches.
-    open-pull-requests-limit: 0
-    labels:
-      - dependencies
-
-  - package-ecosystem: gomod
-    directory: "/"
-    schedule:
-      interval: daily
-    target-branch: "release/v3.2.x"
+    target-branch: "release/v4.1.x-lsm"
     # Only allow automated security-related dependency updates on release branches.
     open-pull-requests-limit: 0
     labels:
@@ -62,7 +42,7 @@ updates:
     directory: "/"
     schedule:
       interval: daily
-    target-branch: "release/v3.3.x"
+    target-branch: "release/v4.2.x"
     # Only allow automated security-related dependency updates on release branches.
     open-pull-requests-limit: 0
     labels:
@@ -72,7 +52,7 @@ updates:
     directory: "/"
     schedule:
       interval: daily
-    target-branch: "release/v4.0.x"
+    target-branch: "release/v4.2.x-lsm"
     # Only allow automated security-related dependency updates on release branches.
     open-pull-requests-limit: 0
     labels:
@@ -82,18 +62,9 @@ updates:
     directory: "/"
     schedule:
       interval: daily
-    target-branch: "release/v4.1.x"
+    target-branch: "release/v5.x"
     # Only allow automated security-related dependency updates on release branches.
     open-pull-requests-limit: 0
     labels:
       - dependencies
 
-  - package-ecosystem: gomod
-    directory: "/"
-    schedule:
-      interval: daily
-    target-branch: "release/v4.1.x-lsm"
-    # Only allow automated security-related dependency updates on release branches.
-    open-pull-requests-limit: 0
-    labels:
-      - dependencies

.github/workflows/deploy-docs.yml

@@ -37,10 +37,12 @@ jobs:
       - name: Build 🔧
         run: |
           npm install -g npm@10.2.4
-          make build-docs
+          cd docs
+          ./sync_versions.sh
+          ./build_deploy.sh
 
       - name: Deploy 🚀
-        uses: JamesIves/github-pages-deploy-action@v4.5.0
+        uses: JamesIves/github-pages-deploy-action@v4.6.1
         with:
           branch: gh-pages
           folder: ~/output

.github/workflows/lint-pr.yml

@@ -17,7 +17,7 @@ jobs:
       statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@v5.4.0
+      - uses: amannn/action-semantic-pull-request@v5.5.2
         id: lint_pr_title
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/nightly-e2e.yml

@@ -181,6 +181,102 @@ jobs:
           go-version: "1.21" # The Go version to download (if necessary) and use.
       - name: E2E consumer-double-downtime tests
         run: go run ./tests/e2e/... --tc consumer-double-downtime
+  partial-set-security-opt-in-test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - uses: actions/checkout@v4
+      - name: Checkout LFS objects
+        run: git lfs checkout
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.21" # The Go version to download (if necessary) and use.
+      - name: E2E partial set security opt-in chain
+        run: go run ./tests/e2e/... --tc partial-set-security-opt-in
+  partial-set-security-top-n-test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - uses: actions/checkout@v4
+      - name: Checkout LFS objects
+        run: git lfs checkout
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.21" # The Go version to download (if necessary) and use.
+      - name: E2E partial set security Top N chain
+        run: go run ./tests/e2e/... --tc partial-set-security-top-n
+  partial-set-security-validator-set-cap-test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - uses: actions/checkout@v4
+      - name: Checkout LFS objects
+        run: git lfs checkout
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.21" # The Go version to download (if necessary) and use.
+      - name: E2E partial set security validator-set cap
+        run: go run ./tests/e2e/... --tc partial-set-security-validator-set-cap
+  partial-set-security-validators-power-cap-test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - uses: actions/checkout@v4
+      - name: Checkout LFS objects
+        run: git lfs checkout
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.21" # The Go version to download (if necessary) and use.
+      - name: E2E partial set security validators-power cap
+        run: go run ./tests/e2e/... --tc partial-set-security-validators-power-cap
+  partial-set-security-validators-allowlisted-test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - uses: actions/checkout@v4
+      - name: Checkout LFS objects
+        run: git lfs checkout
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.21" # The Go version to download (if necessary) and use.
+      - name: E2E partial set security allowlist
+        run: go run ./tests/e2e/... --tc partial-set-security-validators-allowlisted
+  partial-set-security-validators-denylisted-test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - uses: actions/checkout@v4
+      - name: Checkout LFS objects
+        run: git lfs checkout
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.21" # The Go version to download (if necessary) and use.
+      - name: E2E partial set security denylist
+        run: go run ./tests/e2e/... --tc partial-set-security-validators-denylisted
 
   nightly-test-fail:
     needs:
@@ -193,11 +289,17 @@ jobs:
       - consumer-misbehaviour-test
       - consumer-double-sign-test
       - consumer-double-downtime-test
+      - partial-set-security-opt-in-test
+      - partial-set-security-top-n-test
+      - partial-set-security-validator-set-cap-test
+      - partial-set-security-validators-power-cap-test
+      - partial-set-security-validators-allowlisted-test
+      - partial-set-security-validators-denylisted-test
     if: ${{ failure() }}
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: slackapi/slack-github-action@v1.25.0
+        uses: slackapi/slack-github-action@v1.26.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

.github/workflows/proto-registry.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: bufbuild/buf-setup-action@v1.30.1
+      - uses: bufbuild/buf-setup-action@v1.32.0
       - uses: bufbuild/buf-push-action@v1
         with:
           input: "proto"

.github/workflows/proto.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: bufbuild/buf-setup-action@v1.30.1
+      - uses: bufbuild/buf-setup-action@v1.32.0
       - uses: bufbuild/buf-breaking-action@v1
         with:
           input: "proto"

.gitignore

@@ -8,3 +8,7 @@ vendor/
 build/
 .vscode
 .idea
+
+# docusaurus versioned docs created during build
+docs/versioned_docs
+docs/versioned_sidebars